Attackers could bypass Android lock screens with a large-enough password
Attackers could bypass Android lock screens with a large-enough password
If you’re keeping up to date with mobile security news, it may look as if an exploit is being discovered every other day. Experts at the University of Texas have apparently discovered a way to crash Android lock screens by crashing it with an extremely long password, effectively giving attackers a free pass to rifle through your device’s data.
Long story short: It involves entering the Emergency Call dialer, continually copying and pasting strings of characters into the field, and then pasting it again into the password prompt when the camera app is open.
The exploit affects most versions of Android Lollipop, but there’s actually less cause for concern than you think. For one, you’ll have to be using a password-protected lock screen for the exploit to be effective. This means that folks who lock their phones with a PIN code or pattern are in the clear. And of course, it requires an attacker to actually get hold of your device.
Still, that’s no reason to be entirely flippant about it. While a fix has already been rolled out to Google’s Nexus devices, other manufacturers are probably still lagging behind, despite pledges from companies like LG to push out security updates more promptly.
So if you don’t own a Nexus device, maybe it’s time to err on the side of caution and make sure your Android phone is protected by something other than a password.
Source: University of Texas via Engadget